Chinese authorities have successfully breached the security measures protecting AirDrop, enabling them to unveil the identity details such as location, phone number, and email address of users immediately after sharing content through AirDrop. The apparent anonymity of AirDrop has been challenged as Beijing police can now trace the origin of unsolicited AirDrop requests through iPhone logs, revealing the sender’s phone number and email address.
Several suspects have already been identified using this method, with Chinese authorities asserting that it aims to simplify efforts to “prevent the spread of inappropriate expressions and possible bad influences.” This revelation raises concerns about the privacy and confidentiality of AirDrop users.
In the context of the pro-democracy movement in Hong Kong and China, AirDrop has been a tool for disseminating protest materials directly to nearby iPhones due to its offline functionality. The Chinese government, recognizing the challenges in monitoring AirDrop using conventional network monitoring tools, has introduced this new technology to identify senders, possibly as a deterrent against the continued use of AirDrop for protest purposes.
Apple’s reliance on a security mechanism for AirDrop, specifically the creation of an “AirDrop identity” linked to iCloud accounts, has faced criticism. This identity, based on phone numbers and email addresses associated with the Apple ID, is exchanged with nearby devices during AirDrop transfers, allowing devices to verify whether the sender and recipient are in each other’s contacts.
Warnings from researchers in the past highlighted the potential retrieval of personal data via AirDrop, as the AirDrop identity is transmitted when the Share menu is accessed. The recent report from China indicates that law enforcement uses tables to decipher the original information masked by the AirDrop identity. However, this method likely requires full access to the iPhone that received files via AirDrop. As of now, individuals may still have a degree of security, but the breach raises broader concerns about the privacy implications of using AirDrop in sensitive contexts.